CVE-2024-57437
📋 TL;DR
RuoYi v4.8.0 contains a SQL injection vulnerability in the orderby parameter at the /monitor/online/list endpoint. This allows attackers to execute arbitrary SQL commands on the database. Organizations using RuoYi v4.8.0 for system monitoring are affected.
💻 Affected Systems
- RuoYi
📦 What is this software?
RuoYi by RuoYi
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data manipulation, or full system takeover via subsequent attacks.
Likely Case
Unauthorized data access, privilege escalation, or extraction of sensitive information from the database.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
Exploitation requires access to the vulnerable endpoint, which typically requires authentication in RuoYi.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
Check the official RuoYi repositories for updates. If a patch is released, update to the fixed version following standard upgrade procedures.
🔧 Temporary Workarounds
Input Validation Filter
Implement strict input validation for the orderby parameter to allow only safe characters.
Modify the controller handling /monitor/online/list to validate the orderby parameter against a whitelist of allowed values.
WAF Rule
Deploy a web application firewall rule to block SQL injection patterns in the orderby parameter.
Configure the WAF to detect and block SQL injection patterns in the orderby parameter at /monitor/online/list.
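One way to implement the Input Validation Filter workaround above, written for this page as an added Java example rather than RuoYi's own code; the column names in the allow-list are hypothetical and must be replaced with the real sortable fields of the online-session query (assumes Java 11 or later):

```java
import java.util.Set;
import java.util.regex.Pattern;

/** Allow-list validation for an orderby request parameter (illustrative, not RuoYi's code). */
public final class OrderByValidator {
    // Hypothetical sortable columns of the online-session listing; adjust to the real mapping.
    private static final Set<String> ALLOWED_COLUMNS = Set.of("session_id", "login_name", "login_time");
    private static final Set<String> ALLOWED_DIRECTIONS = Set.of("asc", "desc");
    // Only identifier characters may appear; quotes, commas, parentheses and comment markers fail here.
    private static final Pattern TOKEN = Pattern.compile("^[A-Za-z0-9_]+$");

    private OrderByValidator() {}

    /**
     * Returns an ORDER BY fragment built only from allow-listed tokens, or throws if the
     * input is not exactly "<column>" or "<column> <asc|desc>".
     */
    public static String sanitize(String orderby) {
        if (orderby == null || orderby.isBlank()) {
            return "";                       // no ordering requested
        }
        String[] parts = orderby.trim().split("\\s+");
        if (parts.length > 2) {
            throw new IllegalArgumentException("orderby has too many tokens");
        }
        String column = parts[0].toLowerCase();
        if (!TOKEN.matcher(column).matches() || !ALLOWED_COLUMNS.contains(column)) {
            throw new IllegalArgumentException("orderby column not allowed");
        }
        String direction = parts.length == 2 ? parts[1].toLowerCase() : "asc";
        if (!ALLOWED_DIRECTIONS.contains(direction)) {
            throw new IllegalArgumentException("orderby direction not allowed");
        }
        // Both tokens were matched against fixed allow-lists, so nothing from the request
        // reaches the SQL string unchecked.
        return column + " " + direction;
    }

    public static void main(String[] args) {
        System.out.println("accepted: " + sanitize("login_time desc"));
        // Constructed rejection cases: extra tokens, a comment marker, and a non-listed column.
        for (String bad : new String[] {"login_time desc, 1", "login_name--", "1 UNION SELECT 1"}) {
            try {
                sanitize(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected '" + bad + "': " + e.getMessage());
            }
        }
    }
}
```

In the controller, pass the raw request value through sanitize() and hand only its return value to the query layer; any exception should map to an HTTP 400 rather than being swallowed.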
🧯 If You Can't Patch
- Restrict access to the /monitor/online/list endpoint using network controls or authentication requirements.
- Implement database-level protections such as least privilege accounts and query logging.
🔍 How to Verify
Check if Vulnerable:
Test the /monitor/online/list endpoint with SQL injection payloads in the orderby parameter and observe database errors or unexpected behavior.
Check Version:
Check the RuoYi version in the application interface or configuration files.
Verify Fix Applied:
After applying fixes, retest with SQL injection payloads to confirm they are properly rejected or sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Error messages containing SQL syntax from the application
Network Indicators:
- HTTP requests to /monitor/online/list with suspicious orderby parameter values
SIEM Query:
source="web_logs" AND uri="/monitor/online/list" AND (orderby CONTAINS "UNION" OR orderby CONTAINS "SELECT" OR orderby CONTAINS "--")